REMARKS 



The Office Action dated October 30, 2007 has been received and carefully noted. 
The above amendments to the claims, and the following remarks, are submitted as a full 
and complete response thereto. 

Claims 1-28 are pending in the application. Claims 1, 7-8, 13-22, and 26-28 have 
been amended to more particularly point out and distinctly claim the subject matter of the 
invention. Claims 11, 23, and 25 have been canceled. Claims 29-37 are new. No new 
subject matter has been added. Support for these amendments can be found throughout 
the Specification, including at paragraphs 11, 28, 32-34, and 37-38. Claims 1-10, 12-22, 
24, and 26-37 are submitted for consideration. 

Claims 1-10, 1 1-22, 24, and 26-28 were rejected under 35 U.S.C. §102(e) as being 
anticipated by Pirttimaa (US 2003/0154400 - hereinafter Pirttimaa). This rejection is 
traversed as follows. 

Claim 1, upon which claims 2-10, 12, 28, and 33 depend, is generally directed to a 
method that includes forwarding a prefix value from a first node to a second node in a 
packet switched environment, said prefix value referring to a portion of a first internet 
protocol address associated with the first node. The method also includes creating a 
security association between the first node and the second node based on the prefix value. 
The security association is valid for a plurality of different intemet protocol addresses, 



each of said internet protocol addresses including said portion of the first internet 
protocol address to which the prefix value refers. 

Claim 13, upon which claims 14-22, 24, and 34 depend, is generally directed to a 
system that includes a first node and a second node in a packet switched environment. 
The first node is configured to forward a prefix value in a message to the second node. 
The prefix value refers to a portion of a first intemet protocol address of the first node. 
The second node is configured to create a security association with the first node based 
on the prefix value. The security association is valid for a plurality of different intemet 
protocol addresses, and each of the intemet protocol addresses includes a portion of the 
first intemet protocol address to which the prefix value refers. 

Claim 26, upon which claim 35 depends, is generally directed to a communication 
terminal that includes a prefix value to be forwarded to a node in a packet switched 
environment, to create a security association with the communication terminal. The 
prefix value refers to a portion of a first intemet protocol address of the communication 
terminal. The security association is valid for a plurality of different intemet protocol 
addresses, each of the intemet protocol addresses includes said portion of the first intemet 
protocol address to which the prefix value refers. 

Claim 27 is generally directed to a security association apparatus that includes a 
first communication means and a second communication means in a packet switched 
environment. The security association apparatus also includes a forwarding means for 
forwarding a prefix value in a message from the first communication means to the second 

-12- 



communication means, said prefix value referring to a portion of a first internet protocol 
address of the first communication means. The security association apparatus further 
includes a creating means for creating a security association between the first 
communication means and the second communication means based on the prefix value. 
The security association is valid for a plurality of different intemet protocol addresses. 
Each of the intemet protocol addresses includes said portion of the first intemet protocol 
address to which the prefix value refers. 

Claim 29 is generally directed to a communication terminal that includes a 
forwarding means for forwarding a prefix value to a node in a packet switched 
environment to create a security association with the communication terminal. The 
prefix value refers to a portion of a first intemet protocol address of the communication 
terminal. The security association is vaUd for a plurality of different intemet protocol 
addresses. Each of said intemet protocol addresses includes said portion of the first 
intemet protocol address to which the prefix value refers. 

Claim 30, upon which claim 36 depends, is generally directed to a security 
association apparatus that includes a first communication unit and a second 
communication unit in a packet switched environment. The security association 
apparatus also includes a forwarding unit configured to forward a prefix value in a 
message from the first communication unit to the second communication unit. The prefix 
value refers to a portion of the intemet protocol address of the first communication unit. 
The security association apparatus also includes a creating unit configured to create a 
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security association between the first communication unit and the second communication 
unit based on the prefix value. The security association is valid for a plurality of different 
intemet protocol addresses. Each of the internet protocol addresses includes a portion of 
the first intemet protocol address to which the prefix value refers. 

Claim 31, upon which claim 37 depends, is generally directed to a second node 
that includes a receiving unit for receiving a prefix value from a first node in a packet 
switched environment. The prefix value refers to a portion of a first intemet protocol 
address of the first node. The second node also includes a creation unit for creating a 
security association between the first node and the second node based on the prefix value. 
The security association is valid for a pluraUty of different intemet protocol addresses. 
Each of said intemet protocol addresses include said portion of the first intemet protocol 
address to which the prefix value refers. 

Claim 32 is generally directed to a second node that includes a receiving means for 
receiving a prefix value from a first node in a packet switched environment. The prefix 
value refers to a portion of a first intemet protocol address of the first node. The second 
node also includes a creation means for creating a security association between the first 
node and the second node based on the prefix value. The security association is valid for 
a plurality of different intemet protocol addresses. Each of said plurality of intemet 
protocol addresses includes said portion of the first intemet protocol address to which the 
prefix value refers. 
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Each of the foregoing claims recites hmitations that are not disclosed or suggested 
by Pirttimaa. 

Pirttimaa generally discloses a network element for providing secure access to a 
packet data network. In Pirttimaa, a first source information is derived from a message 
received from a terminal device. The first source information is compared with a second 
source information derived from a packet data unit used for conveying said message, or 
derived from a security association set up between the terminal device and the data 
network. A protection processing for protecting the packet data network from a 
fraudulent user attack is then initiated based on the comparing result. 

However, Pirttimaa fails to disclose or suggest "said prefix value referring to a 
portion of a first intemet protocol address associated with the first node; creating a 
security association between the first node and the second node based on the prefix 
value," as recited in claim 1, 

The Office Action takes the position that the "SIP register message with address 
included" of Pirttimaa is comparable to the "prefix value" of claim 1. However, 
Pirttimaa discloses that the entire "address" is used to create a security association 
between the user equipment and the proxy. Distinctly, the "prefix value" of claim 1 
refers to a portion of a first intemet protocol. In Pirttimaa, the address used to create the 
security association is the full IMPI of the user equipment, i.e., the full IP address of the 
UE. In paragraph 41 of Pirttimaa, the IP address is bound with the security parameters 
(e.g., the integrity key) of the user equipment in the proxy. Referring to paragraph 47 and 
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Figure 4 of Pirttimaa, this full IMPI is used in a comparison with an IP address (i.e., a full 
IMPI) included in a SIP message. 

There is no disclosure or suggestion that the address information bound to the 
Pirttimaa integrity key is only part of the IMPI. Additionally, there is no disclosure or 
suggestion that the address information included in the header of a SIP message is only 
part of the IMPI of a user equipment. Accordingly, Pirttimaa fails to disclose or suggest 
"said prefix value referring to a portion of a first intemet protocol address associated with 
the first node; creating a security association between the first node and the second node 
based on the prefix value," as recited in claim 1 . 

Additionally, Pirttimaa fails to disclose or suggest "the security association is valid 
for a plurality of different intemet protocol addresses, each of said plurality of intemet 
protocol addresses including said portion of the first intemet protocol address to which 
the prefix value refers," as recited in claim 1 . 

A review of Pirttimaa demonstrates that Pirttimaa only discloses a security 
association regarding a single IP address which creates various problems. For example, 
if a security association is established using the actual IP address of a user equipment, 
then when the user equipment generates a different IP address, such as when it moves 
from one cell to another, then the security association will need to be reestablished. 
When a user equipment changes its IP address, then the user equipment may delete an 
existing security association and initiate an unprotected registration procedure using its 
new IP address as the source IP address in the packets carrying the REGISTER message. 
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However, this disadvantageously complicates the security association management in the 
proxy, as there might be ongoing sessions when the need may arise at the user equipment 
to delete the current security association and set up a new one. 

The limitations recited in claim 1 advantageously avoid this problem since the 
security association between two nodes is based on a prefix value of an IP address. This 
enables the first node to generate new IP addresses (within the prefix) for itself and send 
the packets with that address inside the security association. Therefore, the user 
equipment would not be required to delete the existing security association and set up a 
new one towards its newly generated IP address. In other words, the security association 
does not need to be negotiated every time a user equipment performs an auto- 
configuration. Furthermore, a single security association can be used for a plurality of 
different devices with different IP addresses, so long as each of the IP addresses of those 
devices includes the portion of the first IP address to which the prefix value refers. 

Pirttimaa, on the other hand, is only concerned with securing access by user 
equipment to IMS services by carrying out a comparison between an IP address included 
in the header of a SIP message and another address. There is no disclosure or suggestion 
in Pirttimaa of creating a security association based on a prefix value referring to a 
portion of an IP address associated with a node, and no discussion of setting up a security 
association which is valid for a plurality of different IP addresses that include a common 
portion to which such a prefix value refers. 
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In light of the foregoing, Applicant respectfully submits that Pirttimaa fails to 
disclose or suggest all the limitations of claim 1. Additionally, Applicant respectfully 
asserts that Pirttimaa fails to disclose or suggest all the limitations of claims 13, 16, 26- 
27, and 29-32 as these claims recite limitations similar to the limitations of claim 1, 
though each claim has its own scope. Furthermore, Applicant respectfully asserts that 
Pirttimaa fails to disclose or suggest the limitations of claims 2-20, 12-22, 24, 28, and 33- 
37 for at least their dependency from claims 1, 13, 26, 30, and 31. Therefore, Applicant 
respectfully requests that the § 102(e) rejection be withdrawn and that all of the claims 
pass to allowance and issue. 

If for any reason the Examiner determines that the application is not now in 
condition for allowance, it is respectfully requested that the Examiner contact, by 
telephone, the applicants* undersigned representative at the indicated telephone number to 
arrange for an interview to expedite the disposition of this application. 
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In the event this paper is not being timely filed, the applicants respectfully petition 
for an appropriate extension of time. Any fees for such m extension together with any 
additional fees may be charged to Counsel's Deposit Account 50-2222. 
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